The EHR stores an enormous amount of Patient Health Information (PHI), which is transmitted electronically to providers and patients (ePHI) and is therefore exposed to the threat of illegal access by a third party. To protect ePHI as fully as possible, privacy and security measures are essential to make sure the protected records are always in safe hands.

Having security policies in place does not mean that no further action is required. New loopholes and bugs are introduced day by day, which makes it mandatory to review the security policies in place and, where needed, to fix or update them.

Security Risk Analysis (SRA) compares the present security measures with the legal standards and policies announced by HIPAA, so that a provider knows where his/her EHR stands in safeguarding patient health information (ePHI). An SRA also provides the opportunity to identify high-risk areas, so that a mitigation plan with concrete actions can be put in place.

Basic Security and Privacy Threats:

Threats and risks can take any form. Some of them are:

Inappropriate or unauthorized access to patients’ records

Natural threats such as floods, earthquakes and tornadoes

Virus attacks on mobile devices and medical equipment

To gain patients’ trust and to comply with HIPAA and Meaningful Use requirements, every practice or hospital should conduct an SRA before going for attestation and during the reporting period. Here is the 10-step plan from HealthIT to meet the privacy and security portions of Meaningful Use